---
title: Permissions
info: "Learn how to control access: assign roles and set permissions."
image: /images/user-guide/permissions/permissions.png
sectionInfo: Configure your Twenty workspace settings and preferences
---
<Frame>
  <img src="/images/user-guide/permissions/permissions.png" alt="Header" />
</Frame>

Twenty's permission system allows you to control access to three main areas:
- **Objects and Fields**: Control who can view, edit, or delete records and individual fields
- **Settings**: Manage access to workspace configuration and administrative functions
- **Actions**: Control general workspace actions like importing data or sending emails

## Create a Role

To create a new role:

1. Go to **Settings → Roles**
2. Under **All Roles**, click on **+ Create Role**
3. Enter a role name
4. In the default **Permissions** tab, configure permissions
5. Click **Save** to finish

## Delete a Role

To delete a role:

1. Go to **Settings → Roles**
2. Click on the role you want to remove
3. Open the **Settings** tab, then click **Delete Role**
4. Click **Confirm** in the modal

Note: If a role is deleted, any workspace member assigned to it will be automatically reassigned to the default role. All except the **Admin** role can be deleted. There must always be at least one member assigned to the **Admin** role.

## Assign Roles to Members

### View Current Assignments
- Go to **Settings → Roles**
- See all roles and how many members are assigned to each
- View which members have which roles

### Assign a Role to a Member
1. Go to **Settings → Roles**
2. Click on the role you want to assign
3. Open the **Assignment** tab
4. Click **+ Assign to member**
5. Select the workspace member from the list
6. Confirm the assignment

### Set Default Role
1. Go to **Settings → Roles**
2. In the **Options** section, find **Default Role**
3. Select which role new members should automatically receive
4. New workspace members will be assigned this role when they join

**Note**: You can only assign roles to existing workspace members. To invite new members, use [Member Management](/user-guide/settings/member-management).

## Customize Permissions

Permissions determine what each role can access or modify within your workspace, including workspace objects records, settings, and actions.

### Object and Field Permissions

Control access to records and individual fields:

#### Object-Level Permissions
- Under **All Objects**, apply permissions like **See Record**, **Edit Records**, **Delete Records**, or **Destroy Records** to all objects
- Under **Object-Level Permissions**, configure exceptions for individual objects. These override the settings from **All Objects**

#### Field-Level Permissions
- Configure permissions for individual fields within each object
- Control who can **See Field**, **Edit Field**, or have **No Access** to specific fields
- Field permissions work the same way as object permissions with inheritance and overrides

#### Managing Permission Overrides
To override parent permissions and apply stricter rules:

- Click **X** to remove the inherited rule
- Select the specific permissions for the selected object or field
- Click the orange **Undo** icon (circular arrow) to revert changes

When done, click **Finish**, then **Save** once redirected to the role page.

### Workspace Settings Permissions

Control access to workspace settings in two ways:

- Toggle **Settings All Access** to grant full access 
- Or enable specific permissions (e.g., API key generation, workspace preferences, role assignment, data model configuration, security settings, and workflow management)

### Workspace Action Permissions

Control access to general workspace actions:

- Toggle **Application All Access** to grant full permissions
- Or enable individual actions such as **Send Email**, **Import CSV**, and **Export CSV**

